Date: Mon, 8 Jan 2018 07:28:41 -0500 From: Baho Utot <baho-utot@columbus.rr.com> To: freebsd-questions@freebsd.org Subject: =?UTF-8?Q?Re:_Meltdown_=e2=80=93_Spectre?= Message-ID: <48211515-cc6b-522b-ccd2-4d0c1f6a2072@columbus.rr.com> In-Reply-To: <CAGBxaXnSRwtS=mbdsePyKvyZjTpu1tvo2O61SW60yQfdDJH4gA@mail.gmail.com> References: <f9cc484e-be92-7aff-52fe-38655e85dbaa@columbus.rr.com> <CAH78cDqPnOUGoU=6x-BiugnpjmjYcd=CZS3fSNaX5tq-Uvma7g@mail.gmail.com> <bc9ad15b-a718-b901-76fa-bc43ce0c1f1a@columbus.rr.com> <3AECDC7F-8838-4C09-AC7F-117DFBAA326C@sigsegv.be> <20180108085756.GA3001@c720-r314251> <CAGBxaXnSRwtS=mbdsePyKvyZjTpu1tvo2O61SW60yQfdDJH4gA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1/8/2018 4:15 AM, Aryeh Friedman wrote: > On Mon, Jan 8, 2018 at 3:57 AM, Matthias Apitz <guru@unixarea.de> wrote: > >> As I side note, and not related to FreeBSD: My Internet server is run by >> some webhosting company (www.1blu.de), they use Ubuntu servers and since >> yesterday they have shutdown SSH access to the servers argumenting that >> they want >> protect my (all's) servers against attacks of Meltdown and Spectre. >> >> Imagine, next time we have to shutdown all IOT gadgets... > > > Not always possible for things like medical test equipment/devices. For > example I maintain a specialized EMR for interacting with Dr. prescribed > remote cardiac monitors. Having those off line is not an option since > they are used to detect if the patient needs something more serious like a > pace maker (also almost always a IoT device these days) surgery. > > The actual monitoring is done on Windows and was attacked by some > ransomeware via a bit coin miner that somehow installed it self. Since > all the users claim that they don't read email/upload/download executables > or any other of the known attack vectors this leaves something like > Meltdown or Spectre. We have also detected issues on the CentOS that has > the non-medical corporate site on it. The only machine left on touched on > the physical server (running some bare metal virtualization tool) is the > FreeBSD machine that runs the actual EMR we wrote. > > TL;DR -- It seems Linux and Windows already have issues with these holes > but I have seen little to no evidence that FreeBSD (when run as a host). > In general when ever any virtualization issue (like the bleed through on > Qemu last year) comes up FreeBSD is the one OS that seems to be immune > (thanks to good design of the OS and bhyve). This is the main reason why > I chose FreeBSD over Linux as the reference host for PetiteCloud. > This is not operating system specific, read the papers on theses two. it attacks the cpu, usally through a JIT
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48211515-cc6b-522b-ccd2-4d0c1f6a2072>